Seems like every month I find out about another company that’s come up with a novel way to disrespect its customers’ privacy. Despite all the wrangling over the CAN-SPAM Act, the national do-not-call list and all the other privacy legislation that’s been heaped upon our industry, there seems to be no shortage of companies ready to sell out their customers for a small short-term gain.
Well, folks, I think I may have found the proverbial mother lode. And this one is going to hit you where it really counts — right in the stomach.
My story begins in Dallas at an IT company called ACS. ACS is facilitating the collection of court fees, fines and related costs on behalf of the Missouri state court system. To collect on past due debts, ACS buys lists from pizza delivery companies and other private databases, such as magazine subscription lists. ACS uses the information provided by hungry pizza lovers to track down outstanding debts. The idea being that while someone might give a bad address to a police officer or government agency, they’d never give bad information while ordering a pizza.
To be honest, I know that my address will probably be sold the moment I subscribe to a magazine. I’m not exactly happy about it, but at least I know that the publishers are doing it. On the other hand, I had absolutely no idea that my humble pizza delivery person could be selling my information as well.
And I feel like somehow we’ve reached a new societal low. I don’t know about the rest of you, but it feels extremely unsettling to know that I can be hunted down by the Missouri Office of State Courts Administrator over an overdue parking ticket just because I called a nationally advertised pizza joint. Orwell might have been 20 years too early, but otherwise his predictions ring true.
I live in New York City. There are two generalizations about New Yorkers that are probably true more often than not. The first is that we’re a cynical group. As the saying goes, “We don’t trust nobody, aaaiiiight?” The second is that we’re not exactly big on cooking for ourselves. I have friends who’ve lived here for years and have never so much as boiled their own spaghetti. And I personally have 35 menus in my kitchen drawer. We New Yorkers regularly order in everything from pizza to Thai to macrobiotic burritos to avoid turning on a 50-year-old gas stove inside the shoebox that passes for a kitchen.
So when I read this story about pizza chains actively selling their customer lists, a few things crossed my mind. For one thing, I’m amazed by how trusting I’ve been with my local restaurants. I’ve provided address, telephone and even credit card information to people I don’t know. It never crossed my mind that any of these establishments might store any of my information, let alone do something with it.
I’m not sure how or why these restaurants had gained my trust. I guess that I gave them my information because they’d never led me to believe they would misuse that information. Until now, that is.
Admittedly, much of the information restaurants collect — name, address and telephone number — is available via other means. For most people, that information is available inside the phone book or via an Internet search.
But I can’t stop thinking, what in the world would possess a nationally known pizza delivery company to sell customer data on the sly? I’m sure that selling customer lists presents a nice ancillary revenue stream for many companies. But is the additional revenue really worthwhile if it cuts into the core profit of your business? Even drug dealers are usually smart enough not to turn their customers in to the authorities.
Do the pizza companies understand the breach of trust they are creating? How long until news of this gets into the public realm? How long before Jay Leno jokes about ordering a pizza “with onions and meatballs, but please, HOLD the arrest warrant.” Consumers are going to get wind of this, and then they might think twice before picking up the phone to order. And that’s the LAST thing Dominos or any other pizza restaurant could want to happen.
What would happen if an airline or a hospital was caught selling passenger/patient data that ended up in the hands of collection agents? My guess is that they wouldn’t do it in the first place. Not necessarily because they are morally superior, but because neither industry is able to operate under the radar of public scrutiny. Airlines, once bitten by bad press after many of them released passenger data to government contractors, are probably loathe to make the same mistake twice. And hospitals are regulated by privacy legislation such as HIPAA, and thus are well aware of the inherent risks associated with trafficking in patient data.
Few members of either the travel or medical industries are particularly happy being under such scrutiny. Compliance costs money, and it makes it more difficult for affected companies to focus on their core competencies. I’d bet that you’d find few people who work in either industry who wouldn’t prefer to go back to the days when their actions weren’t under constant examination by the government, and the public at large.
And perhaps that’s the biggest problem with what these companies are doing. They are painting a bull’s-eye on their backs. They are creating a caustic media story — a story that will rightly make consumers angry. And consumers will pressure some young, career-minded legislator to take action. And after all the lobbyists have been paid and all arguments are carefully taken into consideration, we’ll have a shiny new federal law that governs personally identifiable information collected by restaurants. And neither consumers nor the restaurants will be better off. Is that what we want?
